2 matches found
CVE-2024-2115
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filterusers functions. This makes it possible for unauthenticated attackers to elevate...
CVE-2024-2115
CVE-2024-2115 affects LearnPress – WordPress LMS Plugin up to version 4.0.0. Root cause: missing/incorrect nonce validation in filter_users leading to CSRF. Impact: unauthenticated attackers can elevate privileges to Teacher by tricking an admin into performing an action. Public details in connec...